Comment 19 for bug 309655

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package seamonkey - 1.1.15+nobinonly-0ubuntu0.8.04.2

---------------
seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.2) hardy-security; urgency=low

  * CVE-2009-1044: Arbitrary code execution via XUL tree element
    - add debian/patches/90_181_484320_attachment_368977.patch
    - update debian/patches/series
  * CVE-2009-1169: XSL Transformation vulnerability
    - add 90_181_485217_attachment_369357.patch
    - add debian/patches/90_181_485286_attachment_369457.patch

seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release: 1.1.15 (LP: #309655)
    - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
    - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
    - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
    - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
    - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

seamonkey (1.1.14+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release: 1.1.14 (LP: #309655)
    - CVE-2008-5511: XSS and JavaScript privilege escalation
    - CVE-2008-5510: Escaped null characters ignored by CSS parser
    - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$
    - CVE-2008-5507: Cross-domain data theft via script redirect error message
    - CVE-2008-5506: XMLHttpRequest 302 response disclosure
    - CVE-2008-5503: Information stealing via loadBindingDocument
    - CVE-2008-5501..5500: Crashes with evidence of memory corruption
      (rv:1.9.0.5/1.8.1.19)
  * drop patches applied upstream
    - delete debian/patches/35_zip_cache.patch
    - update debian/patches/series

 -- Alexander Sack <email address hidden> Tue, 31 Mar 2009 13:21:19 +0200